Network Working Group                                      M. Nottingham
Internet-Draft
Expires: June 27, 2002                                          J. Mogul
                                                              Compaq WRL
                                                       December 27, 2001


                   HTTP Header Field-Name Registries
                  draft-nottingham-http-header-reg-00

Status of this Memo

   This document is an Internet-Draft and is in full conformance with
   all provisions of Section 10 of RFC2026.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as
   Internet-Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt.

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html.

   This Internet-Draft will expire on June 27, 2002.

Copyright Notice

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

Abstract

   This note establishes an IANA registry for standardized HTTP header
   field-names, and an IANA registry indexing known non-standardized
   HTTP header field-names.

1. Introduction

   HTTP/1.0 [1] and HTTP/1.1 [11] define message headers (respectively,
   the HTTP-header and message-header protocol elements).  These
   specifications define a number of HTTP headers themselves, and also
   provide for extension through the use of new field-names.

   This note establishes two IANA registries: one that catalogs
   standardized HTTP header field-names (i.e., those that have been
   subject to review as a standards track document in the IETF), and an
   advisory registry of known non-standard HTTP header field-names,
   which have not yet been subject to review.

   This second registry is intended to provide a list of HTTP header
   field-names which are in use, and to help implementors and protocol
   authors choose new header field-names with less chance of collision
   with already-deployed headers.  It operates on a first-come,
   first-served basis, and should not be considered to be a means of
   reserving or claiming the use of a header field-name.

   Neither registry tracks the syntax, semantics or type of
   field-values.  Only the field-names are registered; all other details
   are specified in the defining document referenced by registry
   entries.  Significant updates to such references (e.g., the
   replacement of a Draft Standard RFC by a Proposed Standard RFC, but
   not the revision of an Internet-Draft) should be reported to IANA.

   Note that while some HTTP headers have different semantics depending
   on their context (e.g., Cache-Control in requests and responses),
   both registries consider the HTTP header field-name name space
   singular.

1.1 Requirements

   The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
   "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
   document are to be interpreted as described in RFC 2119 [4].

   An implementation is not compliant if it fails to satisfy one or more
   of the MUST or REQUIRED level requirements.  An implementation that
   satisfies all the MUST or REQUIRED level and all the SHOULD level
   requirements is said to be "unconditionally compliant"; one that
   satisfies all the MUST level requirements but not all the SHOULD
   level requirements is said to be "conditionally compliant".

2. IANA Considerations

   IANA shall create registries for two name spaces, as described in
   BCP26 [9]:

   o  Standardized HTTP Header Field-Name Registry

   o  Known Non-Standardized HTTP Header Field-Name Registry

2.1 Standardized HTTP Header Field-Name Registry

   The Standardized HTTP Header Registry defines the name space for the
   field-name in the message-header of an HTTP message.

   Values to be added to this name space MUST be subject to review in
   the form of a standards track document within the IETF Applications
   Area.  Header field-names prefixed with 'X-' MUST NOT be registered.

   An entry in this registry MUST include a citation to the most
   up-to-date standards track document(s) that specifies the syntax and
   semantics of the field.  If a document either 'Obsoletes' or
   'Updates' an older document, the entry SHOULD note that explicitly.

   The initial values for this registry are those specified by:

   o  Hypertext Transfer Protocol -- HTTP/1.1 [11] (obsoletes RFC2068) -
      Accept, Accept-Charset, Accept-Encoding, Accept-Language,
      Accept-Ranges, Age, Allow, Authorization, Cache-Control, Connect,
      Content-Encoding, Content-Language, Content-Length,
      Content-Location, Content-MD5, Content-Range, Content-Type, Date,
      ETag, Expect, Expires, From, Host, If-Match, If-Modified-Since,
      If-None-Match, If-Range, If-Unmodified-Since, Last-Modified,
      Location, Max-Forwards, Pragma, Proxy-Authenticate,
      Proxy-Authorization, Range, Referer, Retry-After, Server, TE,
      Trailer, Transfer-Encoding, Upgrade, User-Agent, Vary, Via,
      Warning, WWW-Authenticate, MIME-Version, Content-Disposition

   o  HTTP Authentication: Basic and Digest Access Authentication [12] -
      Authentication-Info

   o  HTTP State Management Mechanism [3] - Set-Cookie

   o  HTTP State Management Mechanism [16] (obsoletes RFC2109) - Cookie,
      Cookie2, Set-Cookie2

   o  Web Distributed Authoring and Versioning [10] - DAV, Depth,
      Destination, If, Lock-Token, Overwrite, Status-URI, Timeout

   o  Hypertext Transfer Protocol -- HTTP/1.1 [2] (Proposed Standard -
      these field-names are now considered obsolete) - Content-Base,
      Public, Content-Version, Derived-From, Link, URI, Keep-Alive

   o  Delta Encoding in HTTP [17] - A-IM, Delta-Base, IM

   o  Instance Digests in HTTP [18] - Digest, Want-Digest

   o  Simple Hit-Metering and Usage-Limiting for HTTP [5] - Meter

2.2 Known Non-Standardized HTTP Header Field-Name Registry

   The Known Non-Standardized HTTP Header Registry attempts to index
   HTTP message-header field-names in use.  It is advisory only, and is
   intended to be used in conjunction with the Standard HTTP Header
   Registry as an aid in selecting new field-names, to reduce the
   possibility of collision.

   Values to be added to this name space are registered on a first-come,
   first-served basis.  Registrations SHOULD consist of a field-name, a
   reference to the defining document(s) (if available), and a point of
   contact for the registration.  Header field-names prefixed with 'X-'
   MUST NOT be registered.

   The initial values for the registry should consider the referenced
   document's author(s) as the point of contact for registration, if
   available.

   When a value is registered in the Standardized HTTP Header Field-Name
   Registry, any corresponding value in the Known Non-Standardized HTTP
   Header Field-Name Registry MUST be removed.

   The IESG MAY appoint a domain expert to control registration if it is
   judged that the facility is being abused.

   The initial values for this registry are:

   o  Transparent Content Negotiation in HTTP [6] - Accept-Features,
      Alternates, Negotiate, TCN, Variant-Vary

   o  The Safe Response Header Field [7] - Safe

   o  Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) [8] -
      Accept-Additions

   o  The Secure HyperText Transfer Protocol [13] -
      Content-Privacy-Domain, MAC-Info, Prearranged-Key-Info

   o  An HTTP Extension Framework [14] - C-Ext, C-Man, C-Opt, Ext, Man,
      Opt

   o  PICS Label Distribution Label Syntax and Communication Protocols
      [20] - PICS-Label, Protocol, Protocol-Request

   o  Platform For Privacy Preferences 1.0 [19] - P3P

   o  PEP - an Extension Mechanism for HTTP [23] - C-PEP, C-PEP-Info,
      PEP, Pep-Info

   o  The HTTP Distribution and Replication Protocol [24] - Content-ID,
      Differential-ID

   o  ESI Architecture [21] - Surrogate-Capability, Surrogate-Control

   o  Selecting Payment Mechanisms Over HTTP [22] - Protocol,
      Protocol-Info, Protocol-Query, Protocol-Request

   o  Implementation of OPS Over HTTP [25] - GetProfile, ProfileObject,
      SetProfile

   o  Notification for Proxy Caches [26] - Proxy-Features,
      Proxy-Instruction

   o  Object Header lines in HTTP [27] - Content-Transfer-Encoding,
      Cost, Message-ID, Title, Version

   o  A Proposed Extension Mechanism for HTTP [28] - Extension

   o  WIRE - W3 Identifier Resolution Extensions [29] - Optional,
      Resolution-Hint

   o  Duplicate Suppression in HTTP [30] - SubOK, Subst

   o  Specification of HTTP/1.1 OPTIONS messages [31] - Compliance,
      Non-Compliance

   o  Undocumented HTTP header field-names - [NOTE: these headers may be
      removed from future drafts; please forward any known reference for
      them]

      *  Widely-used undocumented headers - Request-Range, UA-Color,
         UA-CPU, UA-OS, UA-Pixels

      *  Implementation errors - Referrer

      *  Private features - Copyright, Content, Author, Contact,
         Keywords, Generator, Description, Command, Session, Type,
         Message

      *  Abandoned proposals - Unless-Modified-Since

3. Security Considerations

   HTTP header field-name registrations do not guarantee that the
   specified semantic or syntax of a field-value will be honored.

References

   [1]   Berners-Lee, T., Fielding, R. and H. Nielsen, "Hypertext
         Transfer Protocol -- HTTP/1.0", RFC 1945, May 1996.

   [2]   Fielding, R., Gettys, J., Mogul, J., Nielsen, H. and T.
         Berners-Lee, "Hypertext Transfer Protocol -- HTTP/1.1", RFC
         2068, January 1997.

   [3]   Kristol, D. and L. Montulli, "HTTP State Management Mechanism",
         RFC 2109, February 1997.

   [4]   Bradner, S., "Key words for use in RFCs to Indicate Requirement
         Levels", BCP 14, RFC 2119, March 1997.

   [5]   Mogul, J. and P. Leach, "Simple Hit-Metering and Usage-Limiting
         for HTTP", RFC 2227, October 1997.

   [6]   Holtman, K. and A. Mutz, "Transparent Content Negotiation in
         HTTP", RFC 2295, March 1998.

   [7]   Holtman, K., "The Safe Response Header Field", RFC 2310, April
         1998.

   [8]   Masinter, L., "Hyper Text Coffee Pot Control Protocol
         (HTCPCP/1.0)", RFC 2324, April 1998.

   [9]   Narten, T. and H. Alvestrand, "Guidelines for Writing an IANA
         Considerations Section in RFCs", BCP 26, RFC 2434, October
         1998.

   [10]  Goland, Y., Whitehead, E., Faizi, A., Carter, S. and D. Jensen,
         "HTTP Extensions for Distributed Authoring -- WEBDAV", RFC
         2518, February 1999.

   [11]  Fielding, R., Gettys, J., Mogul, J., Nielsen, H., Masinter, L.,
         Leach, P. and T. Berners-Lee, "Hypertext Transfer Protocol --
         HTTP/1.1", RFC 2616, June 1999.

   [12]  Franks, J., Hallam-Baker, P., Hostetler, J., Lawrence, S.,
         Leach, P., Luotonen, A. and L. Stewart, "HTTP Authentication:
         Basic and Digest Access Authentication", RFC 2617, June 1999.

   [13]  Rescorla, E. and A. Schiffman, "The Secure HyperText Transfer
         Protocol", RFC 2660, August 1999.

   [14]  Nielsen, H., Leach, P. and S. Lawrence, "An HTTP Extension
         Framework", RFC 2774, February 2000.

   [15]  Herriot, R., Butler, S., Moore, P., Turner, R. and J. Wenn,
         "Internet Printing Protocol/1.1: Encoding and Transport", RFC
         2910, September 2000.

   [16]  Kristol, D. and L. Montulli, "HTTP State Management Mechanism",
         RFC 2965, October 2000.

   [17]  Mogul, J., Krishnamurthy, B., Douglis, F., Feldmann, A.,
         Goland, Y., van Hoff, A. and D. Hellerstein, "Delta Encoding in
         HTTP", October 2001.

   [18]  Mogul, J. and A. van Hoff, "Instance Digests in HTTP", October
         2001.

   [19]  Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall,
         M. and J. Reagle, "Platform For Privacy Preferences 1.0 - P3P",
         W3C WD-P3P, September 2001.

   [20]  Krauskopf, T., Miller, J., Resnick, P. and W. Treese, "PICS
         Label Distribution Label Syntax and Communication Protocols",
         W3C REC-PICS-labels, October 1996.

   [21]  Nottingham, M. and X. Liu, "ESI Architecture", W3C
         NOTE-edge-arch, August 2001.

   [22]  Eastlake, D., Khare, R. and J. Miller, "Selecting Payment
         Mechanisms Over HTTP", W3C WD-jepi-uppflow, January 1997.

   [23]  Frystyk Nielsen, H., Connolly, D., Khare, R. and E.
         Prud'hommeaux, "PEP - an Extension Mechanism for HTTP", W3C
         WD-http-pep, November 1997.

   [24]  van Hoff, A., Giannandrea, J., Hapner, M., Carter, S. and M.
         Medin, "The HTTP Distribution and Replication Protocol", W3C
         NOTE-DRP, August 1997.

   [25]  Hensley, P., Metral, M., Shardanand, U., Converse, D. and M.
         Myers, "Implementation of OPS Over HTTP", W3C
         NOTE-OPS-OverHTTP, June 1997.

   [26]  Hallam-Baker, P., "Notification for Proxy Caches", W3C
         WD-proxy, February 1996.

   [27]  "Object Header lines in HTTP", May 1994.

   [28]  Kristol, D., "A Proposed Extension Mechanism for HTTP", January
         1995.

   [29]  Girod, L., Chen, B., Frystyk Nielsen, H. and J. Mallery, "WIRE
         - W3 Identifier Resolution Extensions", March 1998.

   [30]  Mogul, J. and A. van Hoff, "Duplicate Suppression in HTTP",
         April 1998.

   [31]  Mogul, J., Cohen, J. and S. Lawrence, "Specification of
         HTTP/1.1 OPTIONS messages", August 1997.

   [32]  Feldmann, A., "Usage of HTTP header fields", December 1998.

Authors' Addresses

   Mark Nottingham

   EMail: mnot@pobox.com
   URI:   http://www.mnot.net/

   Jeffrey C. Mogul
   Western Research Laboratory, Compaq Computer Corporation
   250 University Avenue
   Palo Alto, CA  94305
   US

   Phone: 1 650 617 3304 (email preferred)
   EMail: mogul@pa.dec.com

Appendix A. Acknowledgements

   The authors would like to thank Anja Feldmann for "Usage of HTTP
   header fields" [32] and the http-wg mailing list members for their
   input.

Full Copyright Statement

   Copyright (C) The Internet Society (2001).  All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph are
   included on all such copies and derivative works.  However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

   Funding for the RFC Editor function is currently provided by the
   Internet Society.